User-domain agents need the Background session type to bootstrap into user/501, and activation should fail rather than silently unloading services when launchctl bootstrap fails.
This patch updates all usage of toPlist such that it escapes any strings
in the final output.
The motication for this change is to avoid confusion when end-users of
home-manager's APIs are not aware that the option values they set end up
being passed un-escaped to XML files.
BREAKING CHANGE: Consumers doing manual escaping will now be doubly escaped.
Co-authored-by: Linnnus <linnnus@users.noreply.github.com>